This is a newly set-up host that RelEng will need to be able to access over https to admin the new update server.

I've added the ACLs for 10.8.81.20 and 10.8.81.74 to the vpn_releng group, but note that the .mozilla.org and .allizom.org names might have difficulty being resolved in certain VPN client configurations, if they are doing per-domain resolution (similar to the ship-it hosts). I'd recommend keeping public names with public IPs and using internal names internally to avoid this (both for these as well as the ship-it hosts), not sure who to have review and make that change though.

(In reply to Justin Dow [:jabba] from comment #1) > I've added the ACLs for 10.8.81.20 and 10.8.81.74 to the vpn_releng group, > but note that the .mozilla.org and .allizom.org names might have difficulty > being resolved in certain VPN client configurations, if they are doing > per-domain resolution (similar to the ship-it hosts). WFM now. I had someone on Mac test too (which does do per-domain resolution, I think), and it worked for him too. > I'd recommend keeping > public names with public IPs and using internal names internally to avoid > this (both for these as well as the ship-it hosts), not sure who to have > review and make that change though. Internal IPs is actually a security requirement. From my point of view, I don't see why we couldn't use a hostname that makes more sense for you and your systems. I'll put that on my list to revisit in the near future.

Yeah, if internal IPs are a requirement, then I'd suggest internal naming schema, although a public IP that is firewalled/ACL'd to only allow VPN clients would be an option as well in most cases. If it is working for you though, then we can definitely revisit it later than sooner.